Description: Fix for CVE-2018-12550
Author: Roger Light
Forwarded: not-needed
Origin: upstream, https://mosquitto.org/files/cve/2018-12550/mosquitto-1.4.x_cve-2018-12550.patch
Index: mosquitto-1.4.10/src/security_default.c
===================================================================
--- mosquitto-1.4.10.orig/src/security_default.c
+++ mosquitto-1.4.10/src/security_default.c
@@ -231,7 +231,7 @@ int mosquitto_acl_check_default(struct m
 char *s;
 if(!db || !context || !topic) return MOSQ_ERR_INVAL;
- if(!db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
+ if(!db->config->acl_file && !db->acl_list && !db->acl_patterns) return MOSQ_ERR_SUCCESS;
 if(context->bridge) return MOSQ_ERR_SUCCESS;
 if(!context->acl_list && !db->acl_patterns) return MOSQ_ERR_ACL_DENIED;
@@ -442,6 +442,10 @@ static int _aclfile_parse(struct mosquit
 fclose(aclfile);
 return 1;
 }
+ }else{
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid line in acl_file \"%s\": %s.", db->config->acl_file, buf);
+ fclose(aclfile);
+ return 1;
 }
 }
 }
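Review bot: The added `!db->config->acl_file` test dereferences `db->config`, but the guard on the line above only checks `db`, `context` and `topic`. If `config` can ever be NULL on this path (the callers are outside the hunk), the guard should cover it, e.g. `if(!db || !db->config || !context || !topic) return MOSQ_ERR_INVAL;`. The line also deserves a comment recording the intent, such as `/* A configured acl_file with no usable entries must deny, not fall through to allow-all. */`, so that a later cleanup does not drop the extra condition. The bridge shortcut on the following line still returns success before any ACL lookup. The body of mosquitto_acl_check_default starts and ends outside the hunk.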
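Review bot: The new `else` branch logs `buf`, and if the parser has already tokenised `buf` in place before this point, the message will show only the leading keyword rather than the full offending line. The tokenising code is not visible in the hunk, so this needs confirming; if it holds, log a copy of the line taken before tokenising. The branch also turns a previously ignored line into a hard load failure, so a comment such as `/* Unknown keyword: fail the load instead of silently skipping a rule. */` would record that this is deliberate. If the parser holds any heap allocation at this point, the early `return 1;` should release it first. _aclfile_parse begins and ends outside the hunk.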